Description
Job Title : Open Source Technology Application Security SpecialistLocation : Kolkata , Bangalore
Position Overview
We are seeking a highly skilled Application Security Specialist with strong expertise in open-source technologies and modern web development frameworks such as React, Node.js, Python, and Angular. The ideal candidate will have a deep understanding of application-level vulnerabilities, secure coding practices, and penetration testing methodologies.You will be responsible for identifying, mitigating, and preventing security risks across our front-end and back- end applications, ensuring that robust security controls are embedded throughout the Software DevelopmentLifecycle (SDLC). The successful candidate will collaborate closely with engineering, DevOps, and infrastructureteams to strengthen the overall security posture of applications hosted across cloud and on-premise environments.You will be responsible for identifying, mitigating, and preventing security risks across our cloud and applications while collaborating closely with development and infrastructure teams. The successful candidate will be responsible for implementing robust security practices throughout the application development lifecycle, conducting vulnerability assessments, and performing penetration testing to safeguard our applications built on diverse technological stacks, including .NET, ASP.NET, IIS, Windows OS etc.
Key Responsibilities
Secure Coding Governance :
- Establish, enforce, and monitor secure coding standards across all open-source technology stacks (React, Node.js, Python, Angular, etc.) to minimize application security risks.
Vulnerability Management
- Identify, analyze, and remediate security vulnerabilities within codebases, APIs, and cloud applications. Focus areas include injection attacks, cross-site scripting (XSS), insecure deserialization, and related OWASP Top 10 issues.
Penetration Testing
- Plan and execute penetration tests and dynamic security assessments to uncover application weaknesses and
work with development teams to implement corrective measures.
Web Application Firewalls (WAF) And Cloud Security
- Configure, tune, and monitor WAFs, API gateways, and cloud-native security tools (AWS/Azure/GCP) to protect open-source applications and services.
Technical Leadership
- Provide technical guidance on secure design and implementation for open-source frameworks and tools.
- Leverage expertise in React, Node.js, Python, Angular, and related libraries to support secure architecture decisions.
Collaboration And Training
- Work closely with product engineering, QA, and operations teams to embed security best practices across all stages of development. Conduct developer training and knowledge sessions to strengthen security awareness.
Continuous Improvement
- Perform threat modeling and design reviews for new and existing applications.
- Develop and automate security validation tools and scripts to identify vulnerabilities early in the SDLC.
- Monitor and respond to application-level security incidents and provide root-cause analysis.
- Continuously research emerging security threats, tools, and frameworks relevant to open-source ecosystems.
- Monitor, investigate, and respond to security incidents and intrusion attempts. Stay abreast of the latest security threats, trends, and technologies, and continuously improve security policies, tools, processes frameworks, and compliance standards. Support and mentor developers on secure design and architecture. Stay abreast of the latest security threats, trends, and technologies, and continuously improve security policies, tools, and processes.
Required Qualifications And Skills
Technical Proficiency :
- Strong hands-on experience in React, Node.js, Python, Angular, and related open-source technologies.
- Solid understanding of RESTful APIs, OAuth2/OpenID Connect, JWT, and microservices architectures.
Security Expertise
- Comprehensive understanding of application security principles, OWASP Top 10, and secure SDLC methodologies.
- Experience performing static and dynamic code analysis (SAST/DAST) and API security testing.
Security Tools Experience
- Proficient in open-source and commercial security tools such as Burp Suite, OWASP ZAP, SonarQube, Checkmarx, or similar vulnerability scanners.
Analytical Abilities
- Strong analytical and problem-solving skills to assess complex application security issues and implement effective mitigation strategies.
Communication
- Excellent interpersonal and communication skills with the ability to collaborate effectively with engineering teams and key stakeholders.
Preferred Qualifications
- Security certifications such as OSCP, CEH, CSSLP, GIAC GWAPT, or equivalent.
- Experience in Agile and DevSecOps environments.
- Familiarity with container security (Docker, Kubernetes) and cloud-native security practices (AWS/GCP/Azure).
- Experience integrating security automation in CI/CD pipelines.
(ref:hirist.tech)
